Western Digital: Last Friday (25), owners of My Book Live and My Book Live Duo, manufactured by Western Digital, had an unpleasant surprise when trying to access their files. Some drives in the hard drive lineup, which offer a “home cloud storage system,” were hacked through a flaw and reset to factory defaults—losing all stored data.
Experts believed that the episode was caused by the same flaw that allowed a similar attack in 2018, which guaranteed privileged access to attackers. However, another flaw was found during an analysis of the attack, which allowed attackers to bypass login credentials, wipe data from devices, and finally install malicious file packages.
An analysis of the device firmware revealed that the codes that could prevent the attack were disabled by Western Digital itself, while its developers did not add input recognition mechanisms to the component configuration file. Together, the two flaws made it possible for the My Book Live and My Book Live Duo to be restored to factory default without requiring owner credentials.
Considering the two different methodologies used during the attack, some experts, such as the professionals at the Ars Technica website, speculate that what happened may have been the result of a dispute between two or more groups of hackers. However, the episode still lacks more information to define the real motivation of the invaders.
On the other hand, Western Digital was helpful with the damaged users, offering services to recover lost data from next July and even a program to exchange devices for a more modern line, such as My Cloud.